Category Archives: Security

New York Times columnist falls prey to signal repeater car burglary

Last week, the New York Times columnist Nick Bilton took to Twitter to let the world know that two kids broke into his car before his very eyes. What made the break-in a little more remarkable was the fact that, according to Bilton, the perps used an electronic device to simply unlock his Toyota Prius, rather than doing things the old-fashioned way with a slim jim, coat hanger, or brick.

Bilton has elaborated on the event in his column, where he postulates that the young miscreants gained entry to his car (and those of several of his neighbors) by amplifying the signal between his keyless entry fob and car. Keyless entry systems typically only communicate with their remote fobs over the distance of a few feet, but he thinks that the gadget is capable of extending this range, fooling the car into thinking that the remote was within range even though it was actually in Bilton's house, about 50 feet away. He arrived at this theory after he consulted with Boris Danev, a Swiss-based security expert:

"It's a bit like a loudspeaker, so when you say hello over it, people who are 100 meters away can hear the word, 'hello,'" Mr. Danev said. "You can buy these devices anywhere for under $100." He said some of the lower-range devices cost as little as $17 and can be bought online on sites like eBay, Amazon and Craigslist.

This isn't the first time that signal repeaters have been linked to car burglaries in California. In 2013, we reported on a similar spate of thefts in Long Beach, CA, that left local police 'stumped.' And it’s not the only way of gaining entry to a supposedly secure car; The Register has previously covered devices that can eavesdrop on the signal between a BMW and its remote, allowing miscreants to program a blank remote for later use.


Meet the e-voting machine so easy to hack, it will take your breath away

Virginia election officials have decertified an electronic voting system after determining that it was possible for even unskilled people to surreptitiously hack into it and tamper with vote counts.

The AVS WINVote, made by Advanced Voting Solutions, passed national Voting Systems Standards and has been used in Virginia and, until recently, in Pennsylvania and Mississippi. It used the easy-to-crack passwords of "admin," "abcde," and "shoup" to lock down its Windows administrator account, Wi-Fi network, and voting results database respectively, according to a scathing security review published Tuesday by the Virginia Information Technologies Agency. The agency conducted the audit after one Virginia precinct reported that some of the devices displayed errors that interfered with vote counting during last November's elections.

The weak passwords—which are hard-coded and can't be changed—were only one item on a long list of critical defects uncovered by the review. The Wi-Fi network the machines use is encrypted with Wired Equivalent Privacy (WEP), an algorithm so weak that it takes as little as 10 minutes for attackers to break a network's encryption key. The shortcomings of WEP have been so well-known that it was banished in 2004 by the IEEE, the world's largest association of technical professionals. What's more, the WINVote runs a version of Windows XP Embedded that hasn't received a security patch since 2004, making it vulnerable to scores of known exploits that completely hijack the underlying machine. Making matters worse, the machine uses no firewall and exposes several important Internet ports.


Google Chrome 42 Stomps A LOT Of Bugs & Disables Java By Default

Ah, finally, the end of NPAPI is coming. A relic from the Netscape era, the Netscape Plugin API causes a lot of instability and security issues in Chrome. It means Java is now disabled by default, along with other NPAPI-based plugins, in Google Chrome 42. Chrome will be removing support for NPAPI totally [...]

Read the full post at darknet.org.uk

In-flight Wi-Fi is “direct link” to hackers

Airplanes with in-flight Wi-Fi are vulnerable to hacks by passengers and could be targeted by a "malicious attacker" on the ground, a US report has warned.

The US Government Accountability Office (GAO) described the potential dangers in a new report for the Federal Aviation Administration (FAA) titled "FAA Needs a More Comprehensive Approach to Address Cybersecurity As Agency Transitions to NextGen."

The study explained that IP networks of all kinds left flights open to cyberattacks—whether that's in-flight wireless entertainment systems, Internet-based cockpit communications or the new Next Generation Air Transportation System due to be implemented by 2025.


Copyright © 1995 - 2015. Kashif Ali.